1. Field of the Invention
The invention is generally concerned with the problems relating to the checking and the validity of information transmitted by means of an electronic device having at least one memory in which said information is stored, and more particularly a process for certifying or authenticating the origin of at least one item of information stored in the memory in a first electronic device and transmitted to a second electronic device, and a system for carrying out the process.
2. Description of the Prior Art
The popularity of data communications has created a new problem, i.e. how to recognize an individual or card bearer, remotely or locally, by a correspondent or business representative who does not know the individual personally, or by a data processing system to which an individual wishes to address via a terminal.
The rise of importance of data communications in the business and banking communities has been enhanced by the acceptance of electronic fund transfer terminals and the appearance of portable and removable electronic carriers such as credit cards and the like that include a microprocessor and a protected nonvolatile memory. The popularity and acceptance of these cards have provided only a glimpse of a vast field of applications and the upcoming opportunities of use directed in particular toward the public at large.
Because of the ability to personalize these cards through information previously stored in their memories, it has been possible to devise and to perfect systems that enable persons or systems to access terminals and to carry out protected operations or transactions. Among the various applications, those that readily come into mind include access to services of any kind such as, for example, access to protected premises or enclosures, data communications services, data banks, bank services, etc.
Generally speaking, all these applications give rise to an exchange of information in the form of a dialogue initiated, for instance, on a non-limitative basis, either
(a) between at least one card controlled by a natural person or a corporation, and a system devised to render a given service or to give access to a protected data; PA1 (b) between two cards, controlled, respectively, by two natural persons and/or corporations; or PA1 (c) between two data processing systems. PA1 (a) Is it not possible with my card to gain access to services to which I normally have no access, i.e., unauthorized access to other areas; PA1 (b) Is it not possible, in the case of a payable service, to gain access to this service free of charge, i.e. to circumvent the scheme, e.g. access to a pay T.V. channel for which no subscription fee has been paid; PA1 (c) Is it not possible to use somebody else's card instead of mine or will somebody be able to use my card?
From the instant when there is a need to exchange information, particularly confidential information, it is imperative to initiate checks that generally verify the proof that a card belongs to its holder, the identity of the correspondents, the validity of the information transmitted or exchanged. That is, it is necessary to ensure that the user is an authorized user and that the information exchanged is valid or correctly received. It goes without saying that these checks are related to all applications in which such electronic cards are used and that they are all the more imperative because of the possibility of fraud with respect to protected access or protected service. Experience has shown that even the most sophisticated codes can be and frequently are broken to gain acccess to protected areas or devices.
Indeed, a card holder who presumably is charged for the services obtained through his card will more or less be induced to ask himself questions like;
These questions raise the problem of the degree of safety and inviolability of card systems.